Hey,
so here is my issue:
I installed x-pack on elastiic kibana ana logstash
the connection kibana elastic works fine.
unfortunatly logstash-elasticsearch in not flowing smoothly.
here is the error u am getting:
:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
i created a user and a role here are the settings
{
"logstash_writter" : {
"cluster" : [
"manage_index_templates",
"monitor"
],
"indices" : [
{
"names" : [
"winlogbeat-*"
],
"privileges" : [
"write",
"delete",
"create_index"
]
}
],
"run_as" : ,
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
and user:
{
"logstash_internal" : {
"username" : "logstash_internal",
"roles" : [
"logstash_writter"
],
"full_name" : "Internal Logstash User",
"email" : null,
"metadata" : { },
"enabled" : true
}
}
for my config file:
input {
beats {
port => 5140
}
}
output{
elasticsearch{
hosts => ["localhost:9200"]
sniffing => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => logstash_internal
password => logstash
}
syslog{
host => "192.168.0.5"
port => 514
}
}
and i added those lines at the end of my logstash.yml:
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logsash_system
xpack.monitoring.elasticsearch.password: logstash
Am i missing something?
i'm running all that on a Centos7 latest version 6.2 of elastic.
i have been stuck on that for 3 days now i even freshly reinstalled ELK.
Thank you